Driver updates, always a pain! Microsoft are fixing it with the Windows Update drivers in the update rings in Intune, but until that includes Firmware as well it’s best to use the tools available.
Fortunately, both Dell and HP offer utilities to update drivers and they both have command line switches which we can use.
Scripts are all here
To make this easier to deploy with Intune, I like to create folders to organise everything so you will find the install/uninstall commands, a text file with the detection method, an icon and an output folder with the package intunewin file.
For this I’ll run through the source folder with the script
Dell
The install.bat copies the scripts to a new folder on the c:\ drive, runs a ps1 to add a scheduled task and then installs the tool (silently)
if not exist "C:\driversupd\" mkdir C:\driversupd
copy %~dp0runupdate.bat c:\driversupd\runupdate.bat
copy %~dp0schtask.ps1 c:\driversupd\schtask.ps1
Powershell.exe -executionpolicy bypass -File c:\driversupd\schtask.ps1
start "" Dell-Command-Update-Application_8D5MC_WIN_4.3.0_A00_01.exe /sThe powershell script registers a scheduled task to run every 2 weeks and check for updates
Edit: Replaced DriverUpdate with applyUpdates, thanks for Nicolas for spotting in the comments.
Also running the command in-line for security.
#Configure Scheduled Task for driver updates
#Set the action
$action = New-ScheduledTaskAction -Execute “C:\Program Files\Dell\CommandUpdate\dcu-cli.exe” -Argument “/applyUpdates -silent -reboot=disable -outputlog=c:\driversupd\log.log”
#Set a trigger
$trigger = New-ScheduledTaskTrigger -Weekly -WeeksInterval 2 -DaysOfWeek Friday -At 1pm
#Set to run as system
$principal= New-ScheduledTaskPrincipal -UserID “NT AUTHORITY\SYSTEM” -LogonType “ServiceAccount” -RunLevel “Highest”
#Set a Name
$taskname = "Intune Driver Updates"
#Set a Description
$taskdescription = "Weekly driver update Friday at 13:00"
#Require AC Power
$Settings = @{
AllowStartIfOnBatteries = $false
DontStopIfGoingOnBatteries = $false
}
$settings= New-ScheduledTaskSettingsSet @settings
#Register the Task
Register-ScheduledTask -TaskName $taskname -Trigger $trigger -Action $action -Principal $principal -Settings $settings -Description $taskdescription -ForceHP
Similar to Dell, only using HP Image assistant
First, copy the files and install the utility. Watch the arguments here or it will launch the GUI on install
if not exist "C:\driversupd\" mkdir C:\driversupd
mkdir c:\driversupd\hp
copy %~dp0runupdate.bat c:\driversupd\runupdate.bat
copy %~dp0schtask.ps1 c:\driversupd\schtask.ps1
copy %~dp0hpupdate.exe c:\driversupd\hpupdate.exe
Powershell.exe -executionpolicy bypass -File c:\driversupd\schtask.ps1
start "" c:\driversupd\hpupdate.exe /s /e /f c:\driversupd\hpCreate your scheduled task
#Set the action
$action = New-ScheduledTaskAction -Execute 'c:\driversupd\hp\HPImageAssistant.exe /Action:Install /AutoCleanup /Category:Drivers /Silent'
#Set a trigger
$trigger = New-ScheduledTaskTrigger -Weekly -WeeksInterval 2 -DaysOfWeek Friday -At 1pm
#Set a Name
$taskname = "Intune Driver Updates"
#Set a Description
$taskdescription = "Weekly driver update Friday at 13:00"
#Register the Task
Register-ScheduledTask -Action $action -Trigger $trigger -TaskName $taskname -Description $taskdescription
#Configure Scheduled Task for Firmware updates
#Set the action
$action = New-ScheduledTaskAction -Execute 'c:\driversupd\hp\HPImageAssistant.exe /Action:Install /AutoCleanup /Category:Firmware /Silent'
#Set a trigger
$trigger = New-ScheduledTaskTrigger -Weekly -WeeksInterval 2 -DaysOfWeek Friday -At 2pm
#Set a Name
$taskname = "Intune Firmware Updates"
#Set a Description
$taskdescription = "Weekly firmware update Friday at 14:00"
#Register the Task
Register-ScheduledTask -Action $action -Trigger $trigger -TaskName $taskname -Description $taskdescriptionI’ve chosen not to update BIOS with this one, but it can be done with the inclusion of password files. A full list of options are in the manual
There we go, drivers and firmware no longer an issue!
Hi Andrew,
I have deployed the Intune win file as system, the files copy over to the C Drive correctly but the scheduled tasks fails to be created. When running the PS Script manually, the task does work. This is for the HP update.
Thank you,
Jazzy.
Hi,
Are you getting any errors? Is it running in the system context?
Hi,
Whee would the errors be presented? Yes it is in the system context.
Thank you,
Jazzy.
Event viewer and IME logs would be my first place to start. If the files have copied, the script has probably run so it’s working out why it hasn’t completed.
You could add logging into the script itself potentially as well
Hey Andrew – if deploying Driver and Firmware updates via Intune update rings – is there any need to have the likes of the Dell support assistant installed on machines going forward.
Hi, Sometimes you will get the updates slightly quicker directly from Dell, but if this isn’t an issue, using the update rings will be easier to manage
Hello Andrew,
I could not find the Github repository for this article. Would you mind sharing it please?
Also this works for all drivers[Audio, WIfi, DVD & so on…] for these two manufacturers[Hp & Dell] correct?
Hi,
The repo is here:
https://github.com/andrew-s-taylor/public/tree/main/driver-update
Yes, all drivers for Dell and HP
Thank you so much for prompt response
Thanks Andrew, Prompt response and loving the great work you do!
Hi,
Great work, do you have a script for Lenovo by any chance with it having a tool called Lenovo Vantage as the driver updater.
Thanks
Danny
I don’t yet, but it might be worth checking Phil’s work here:
https://blog.lenovocdrt.com/#/
Lenovo already support quite a lot with Intune
Ignore that, this is only for windows 10. Will try and find another solution unless there is some way to make it work on 11
It should work on Windows 11, I’ll do some testing
I’ve just pushed out an update, can you try the new version?
Hi Andrew!,
I got the intune package from your github, and deployed it, but the schedule task fails to be created. I have tried to run the .\schtask.ps1 directly and I get this error:
New-ScheduledTaskAction : A parameter cannot be found that matches parameter name ‘silent’.
At C:\driversupd\schtask.ps1:26 char:125
+ … mmandUpdate\dcu-cli.exe†-Argument “/applyUpdates -silent -reboot …
+ ~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [New-ScheduledTaskAction], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,New-ScheduledTaskAction
New-ScheduledTaskPrincipal : Cannot process argument transformation on parameter ‘LogonType’. Cannot convert value
““ServiceAccount— to type “Microsoft.PowerShell.Cmdletization.GeneratedTypes.ScheduledTask.LogonTypeEnum”. Error:
“Unable to match the identifier name “ServiceAccount†to a valid enumerator name. Specify one of the following
enumerator names and try again:
None, Password, S4U, Interactive, Group, ServiceAccount, InteractiveOrPassword”
At C:\driversupd\schtask.ps1:32 char:85
+ … rID “NT AUTHORITY\SYSTEM†-LogonType “ServiceAccount†-RunLev …
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [New-ScheduledTaskPrincipal], ParameterBindingArgumentTransformationExc
eption
+ FullyQualifiedErrorId : ParameterArgumentTransformationError,New-ScheduledTaskPrincipal
Register-ScheduledTask : Cannot validate argument on parameter ‘Action’. The argument is null or empty. Provide an
argument that is not null or empty, and then try the command again.
At C:\driversupd\schtask.ps1:50 char:70
+ … ledTask -TaskName $taskname -Trigger $trigger -Action $action -Princi …
+ ~~~~~~~
+ CategoryInfo : InvalidData: (:) [Register-ScheduledTask], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Register-ScheduledTask
And the runupdate.bat had this error.
.\runupdate.bat
C:\driversupd>”C:\Program Files (x86)\Dell\CommandUpdate\dcu-cli.exe” /applyUpdates -silent -reboot=disable -outputlog=”c:\driversupd\log.log”
The system cannot find the path specified.
the intune package was deployed and showed as a success but nothing apart from c:\driversupd seem to be in the system.
Any ideas for all this?
Hi Andrew,
where we can find the correct script for the schedule part?
Thank you
Hi,
Can you try this please:
$Settings = @{
AllowStartIfOnBatteries = $false
DontStopIfGoingOnBatteries = $false
}
$settings= New-ScheduledTaskSettingsSet @settings
Thanks
Hi Andrew,
I’m currently trying to implement the HP driver into my intune environment however I’m running into issues with installing the utility and running the first script. Any ideas where I should start when setting this?
Hi, are you getting any error messages? First thing to check is that the files have been copied to the local machine, then check if the scheduled task exists.
I forgot to note. Part of the issue was the arguments weren’t defined correctly when testing. They were in the execute path which task scheduler doesn’t like.
It did copy correctly and I re-tested with success for creating the scheduled task. I did, however, then have issues with how the scheduled task was configured with your scheduled task script. After modifications I have came to land at this for that (this allowed me to run this as system which was needed as well as required to be plugged in which I discovered was necessary as I had firmware updates come through):
$schtaskDescription = “Bi-weekly driver update Friday at 12:00”
$taskname = “Intune Driver Updates”
$trigger = New-ScheduledTaskTrigger -Weekly -WeeksInterval 2 -DaysOfWeek Friday -At 12pm
$principal= New-ScheduledTaskPrincipal -UserID “NT AUTHORITY\SYSTEM” -LogonType “ServiceAccount” -RunLevel “Highest”
$action = New-ScheduledTaskAction -Execute “C:\Program Files\Dell\CommandUpdate\dcu-cli.exe” -Argument “/applyUpdates -silent -reboot=disable -outputlog=c:\driversupd\log.log”
$settings= New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries = $false -DontStopIfGoingOnBatteries = $false
Register-ScheduledTask -TaskName $taskname -Trigger $trigger -Action $action -Principal $principal -Settings $settings -Description $schtaskDescription -Force
Thank you, I have updated the blog post and source code on Github. I’ve updated the executable in the Intunewin file as well.
Hey Andrew,
Thanks for the reply. I couldn’t find your email address looking through the site. The install.bat ran and created the folders properly, copied the files, and installed Dell Command Update on my test PC. However, it did not create the scheduled task via the powershell script.
Hi, did the powershell script copy into the folder ok? Do you have Applocker or anything else on the machine which would restrict PowerShell scripts from running?
I modified this to update the newest version of Dell Command Update.
I am having issues though as now the powershell call isn’t running automatically. It dropped the files but didn’t run. I had to run it manually. Thoughts?
Hi, is it the scheduled task which isn’t running, or the installation itself? Feel free to email me with screenshots if it’s easier
Hello Andrew,
Regarding your script,
To launch Dell command update in cli you use the command :
dcu-cli.exe /driverinstall
This CLI option installs all the base drivers for the present configuration on a newly installed Windows operating system.
Don’t you think we should run the following command instead :
dcu-cli.exe /applyUpdates
Applies all updates for the current system configuration.
The idea is that at the preload install dell driver package and then only launch periodically the updates ?
Hi Nicolas,
Thanks for spotting that, definitely makes more sense to update as these are post install.
I have updated the post and the github scripts / win32 app
I’ve also put the command in-line instead of launching a batch script for a bit of added security.
Yes, I can see a key as you have mentioned and under there I see the data related to Google Chrome
Nothing more 🙁
Hey Andrew,
I have implemented this in our organization but with changes to run the scheduled task with ‘NT AUTHORITY\SYSTEM’ account and to run with highest privilege. Today when running the task I’m getting result as ‘(0x5)’. At the same time, a different task using same ‘NT AUTHORITY\SYSTEM’ and high privilege works without any problem.
Can you help me ?
Hi,
An 0x5 error is normally to do with permissions, it might be worth checking the permissions on the files/folder the task is running to check there isn’t something odd happening there.
You could also try running manually using psexec in the system context ( PsExec.exe -i -s cmd.exe) – This will give you a command prompt running as system so you can test.
If that doesn’t help, let me know which you’re running and I’ll do some testing too
Thank you for your reply Andrew…!
I have checked on the permissions for the files and folder, System account has right permissions there.
When I tried running PsExec.exe -i -s cmd.exe, it says ”PsExec.exe’ is not recognized as an internal or external command, operable program or batch file.’
I have tried running this as normal user and also as administrator. It’s very strange that it worked for the first times successfully for dell update and now it fails. At the same time it works perfectly for a different task.
It would be great if you could help here
Hi Isaac,
Did you download PSExec and extract it to the working directory first?
https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
If you run the Dell command update manually from a command prompt, does that complete without errors? It could be an issue with the app itself rather than the task running it.
I’m going to try running it on my Dell machine to see what happens as well.
Thanks
Hey Andrew
Not before your comment, but now I have downloaded and tried running the same command after extracting the file to the working directory. But throws error as ‘Access is denied’ when running as normal user without admin privilege.
When I try to run as admin, it throws error as ‘PsExec could not start cmd.exe on Hostname:
The system cannot find the file specified.’
As the next item, I tried executing runupdate.bat as admin from command. It throws error as below
‘A previous operation requires a system reboot to complete. You may execute this command after the system has restarted.
The program exited with return code: 5’
I have checked under HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired and HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending, Both are false. I have also just restarted the computer few minutes before.
Can you check if there is a key called PendingFileRenameOperations in here HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
I’m testing and being prompted for admin credentials once the task runs – any ideas? my users are not local admin.
Did you deploy the script in the system context? Can you check which user the scheduled task is running under? It should be on the SYSTEM user to avoid prompting
The uninstall for HP is a copy of Dell on github.
Thank you, well spotted! Have fixed it now (and re-packaged into Intunewin too)
Since you are using powershell, before line 6, you can add these lines:
cd $ENV:UserProfile\Downloads
wget “https://dl.dell.com/FOLDER07582763M/5/Dell-Command-Update-Application-for-Windows-10_GRVPK_WIN_4.3.0_A00_03.EXE”
Absolutely, but obviously the path would need regularly updating in the install script.